#VU39344 Out-of-bounds read in Binutils - CVE-2017-7304
Published: March 29, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU39344
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-7304
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Binutils
Binutils
Software vendor:
GNU
GNU
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash.
Remediation
Install update from vendor's website.